9961068

Single Sign-On for Interconnected Computer Systems

Published: May 1, 2018
Assignee: not available in USPTO data we have
Patent Claims
18 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer apparatus, comprising: a primary computing device comprising: a primary identity manager, the primary identity manager authenticating a client computer based on a primary user identification and a primary password; and a first associated computing device comprising: a secondary identity manager; and a first computing node that supports a first application; and a computer communication network that interconnects the primary computing device and the first associated computing device; wherein: the primary computing device receives a provisioning request for the first application to be provisioned for the client computer; when the provisioning request is approved, the primary identity manager creates an application group for the first application with the client computer having the primary user identification; the primary computing device instructs, through the computer communication network, the first associated computing device to create authentication information for the client computer, the authentication information comprising the primary user identification; in response to the instructing, the secondary identity manager generates a secondary password for the client computer with the primary user identification, the secondary password being different from the primary password; the first computing node creates a user profile for the client computer with the primary user identification and the secondary password; when the client computer accesses the first computing node for the first application, receives the primary user identification and the primary password for the client computer through the primary computing device; a service initiation is triggered at the first associated computing device for the first application; the first associated computing device authenticates the primary user identification with the primary computing device for the first application; when the primary user identification is authenticated, the first associated computing device extracts the secondary password and primary user identification from the user profile; the first associated computing device authenticates the extracted secondary password with the secondary identity manager; and when the extracted secondary password is authenticated, the secondary identity manager issues a security token to the client computer for the first application.

2. The apparatus of claim 1, wherein: the primary computing device further comprises an application manager; and the application manager receives an application indicator indicative that the first application is selected from a plurality of applications.

3. The apparatus of claim 1, wherein: when the application manager receives an approval indicator indicative that the first application has been approved for the client computer, the application manager submits a group request that the primary user identification be added to the application group corresponding to the first application.

4. The apparatus of claim 3, wherein: when the primary user identification has been added to the application group, the application manager initiates provisioning the first associated computing device for the client computer with the first application.

5. The apparatus of claim 1, wherein: the application manager receives an application indicator indicative that a second application is selected from the plurality of applications.

6. The apparatus of claim 5, wherein: the application manager initiates provisioning a second associated computing device for the client computer with the second application.

7. The apparatus system of claim 5, wherein: the application manager initiates provisioning the first associated computing device for the client computer with the second application.

8. The apparatus of claim 1, wherein: when the client computer requests service for the first application, the secondary identity manager interrogates the security token; and when the interrogation is successful, the secondary identity manager issues a service ticket to the client computer for the first application.

9. The apparatus of claim 8, wherein: when the service ticket is presented by the client computer, the first computing node permits service for the first application.

10. The apparatus of claim 1, wherein: the client computer submits the primary user identification and the primary password to the primary computing device; in response to the submitting, the first associated computing device receives a service request via the primary computing device; the first associated computing device authenticates the primary user identification with the primary computing device for the first application; when the primary user identification is authenticated, the first associated computing device extracts the secondary password and primary user identification from the user profile; the first associated computing device authenticates the extracted secondary password with the secondary identity manager; and when the extracted secondary password is authenticated, the secondary identity manager issues the security token to the client computer for the first application.

11. A method comprising: authenticating, by a primary computing device, a client computer based on a primary user identification and a primary password; receiving, by the primary computing device, a provisioning request for a first application to be provisioned for the client computer; when the provisioning request is approved, creating, by the primary computing device, an application group for the first application with the client computer having the primary user identification; instructing, by the primary computing device a first associated computer device to create authentication information for the client device, wherein the authentication information comprises the primary user identification; in response to the instructing, generating, by the first associated computing device, a secondary password for the client device with the primary user identification, the secondary password being different from the primary password; creating, by the first associated computing device, a user profile for the client device with the primary user identification and the secondary password; when the client device accesses the first associated computing device for the first application, receiving the primary user identification and the primary password through the primary computing device; triggering a service initiation at the first associated computing device for the first application; authenticating, by the first associated computing device, the primary user identification with the primary computing device for the first application; when the primary user identification is authenticated, extracting, by the first associated computing device, the secondary password and primary user identification from the user profile; authenticating, by the first associated computing device, the extracted secondary password with a secondary identity manager; and when the extracted secondary password is authenticated, issuing, by the first associated computing device, a security token to the client computer for the first application.

12. The method of claim 11, further comprising: receiving, by the primary computing device, an application indicator indicative that a second application is selected from the plurality of applications.

13. The method of claim 12, further comprising: initiating, by the primary computing device, provisioning a second associated computing device for the client computer with the second application.

14. The method of claim 12, further comprising: initiating, by the primary computing device, provisioning the first associated computing device for the client computer with the second application.

15. The method of claim 11, further comprising: when the client computer requests service for the first application, interrogating, by the first associated computing device, the security token; when the interrogation is successful, issuing, by the first associated computing device, a service ticket to the client computer for the first application; and when the service ticket is presented by the client computer, providing, by the first associated computing device, service for the first application.

16. One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to: authenticate a client computer based on a primary user identification and a primary password; receive a provisioning request for an application to be provisioned for the client computer; when the provisioning request is approved, create an application group for the application with the client computer having the primary user identification; instruct an associated computing device to create authentication information for the client computer, wherein the authentication information comprises the primary user identification; in response to the instructing, generate a secondary password for the client computer with the primary user identification, the secondary password being different from the primary password; create a user profile for the client computer with the primary user identification and the secondary password; when the client computer accesses the associated computing device for the application, receive the primary user identification and the primary password through a primary computing device; trigger a service initiation at the associated computing device for the application; authenticate, by the associated computing device, the primary user identification with the primary computing device for the application; when the primary user identification is authenticated, extract, by the associated computing device, the secondary password and primary user identification from the user profile; authenticate, by the associated computing device, the extracted secondary password with the secondary identity manager; and when the extracted secondary password is authenticated, issue, by the associated computing device, a security token to the client computer for the application.

17. An apparatus, comprising: at least one processor, the at least one processor comprising a secondary identity manager and a computing node; a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the apparatus to: when the apparatus receives an initiation from a primary computing device to provision a group for an application supported by the apparatus, generate, by the secondary identity manager, a secondary password for a client computer with the primary user identification, the secondary password being different from a primary password; create, by the computing node, a user profile for the client computer in the group with the primary user identification and the secondary password; trigger a service initiation for the group to provide service for the application; authenticate the primary user identification with the primary computing device for the application; when the primary user identification is authenticated, extract the secondary password and primary user identification from the user profile; authenticate the extracted secondary password with the secondary identity manager; and when the extracted secondary password is authenticated, issue, by the secondary identity manager, a security token to the client computer for the application through the communication interface.

18. The apparatus of claim 17, wherein the memory storing computer-readable instructions that, when executed by the at least one processor, further cause the apparatus to: when the client computer requests service by presenting the security token for the application, interrogate, by the secondary identity manager, the security token; when the interrogation is successful, issue, by the secondary identity manager, a service ticket to the client computer for the application; and when the service ticket is subsequently presented by the client computer, enable, by the computing node, service for the application.
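
The flow recited in claims 1, 8 and 9 (provisioning, sign-on, token, service ticket), modeled as an added example; it is not code from the patent or its inventors. The class names, the in-memory stores, the PBKDF2 verifiers and the HMAC-based token and ticket formats are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class Store:
    """Salted password-verifier store, used here by both identity managers."""
    def __init__(self):
        self._rec = {}
    def set(self, key, pw):
        salt = secrets.token_bytes(16)
        self._rec[key] = (salt, kdf(pw, salt))
    def check(self, key, pw):
        rec = self._rec.get(key)
        return rec is not None and hmac.compare_digest(rec[1], kdf(pw, rec[0]))

class Primary:
    def __init__(self):
        self.idm, self.groups = Store(), {}
    def approve(self, uid, app, device):
        # Approved request: add uid to the application group, then instruct the device.
        self.groups.setdefault(app, set()).add(uid)
        device.provision(uid, app)
    def authenticate(self, uid, pw, app):
        return self.idm.check(uid, pw) and uid in self.groups.get(app, ())

class AssociatedDevice:
    def __init__(self, primary):
        self.primary, self.idm = primary, Store()
        self.profiles = {}                     # computing node's user profiles
        self._key = secrets.token_bytes(32)    # assumption: HMAC-signed tokens
    def provision(self, uid, app):
        secondary = secrets.token_urlsafe(24)  # generated, never shown to the user
        self.idm.set((uid, app), secondary)
        self.profiles[(uid, app)] = secondary
    def _mac(self, kind, uid, app):
        msg = repr((kind, uid, app)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()
    def login(self, uid, primary_pw, app):
        if not self.primary.authenticate(uid, primary_pw, app):
            return None
        secondary = self.profiles.get((uid, app))  # extracted from the user profile
        if secondary is None or not self.idm.check((uid, app), secondary):
            return None
        return self._mac("token", uid, app)    # security token
    def ticket(self, uid, app, token):
        ok = hmac.compare_digest(token.encode(), self._mac("token", uid, app).encode())
        return self._mac("ticket", uid, app) if ok else None
    def serve(self, uid, app, ticket):
        return hmac.compare_digest(ticket.encode(), self._mac("ticket", uid, app).encode())
```

Because the claimed flow extracts the secondary password from the user profile, the profile store holds a recoverable credential and needs the same protection as the identity manager itself.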

Patent Metadata

Filing Date

Unknown

Publication Date

May 1, 2018

Inventors

Hemanth Grama Jayakumar
Manoj Kumar Chava

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “SINGLE SIGN-ON FOR INTERCONNECTED COMPUTER SYSTEMS” (9961068). https://patentable.app/patents/9961068
